I keep getting that "exploit completed but no session was created" Error everytime I run and exploit

Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn't working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says "Sense Auto is not understood, try true or false." I am trying to work with LAME, but legacy gives me the same issues. It doesn't matter the payload or the exploit I still get that error. It's making me sad guys. I really want this to work. I have been using this forum post https://forum.hackthebox.eu/discussion/3011/solved-exploit-completed-but-no-sessions-created. I still am having issues

Comments

  • @ogoody3365 said:

    Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn't working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says "Sense Auto is not understood, try true or false." I am trying to work with LAME, but legacy gives me the same issues. It doesn't matter the payload or the exploit I still get that error. It's making me sad guys. I really want this to work. I have been using this forum post https://forum.hackthebox.eu/discussion/3011/solved-exploit-completed-but-no-sessions-created. I still am having issues

    Without more information, it's difficult to do anything except guess an answer.

    Some things to consider.

    • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

    For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won't_ work. All you will ever get is Exploit completed, but no session was created.

    • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
    • When you run the exploit, does MSF say the target is vulnerable before it says it can't create the session? If not, that is the problem.
    • You've disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
    • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won't work. Most of the exploits on Lame seem to use MSF5.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @ogoody3365 said:

    Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn't working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says "Sense Auto is not understood, try true or false." I am trying to work with LAME, but legacy gives me the same issues. It doesn't matter the payload or the exploit I still get that error. It's making me sad guys. I really want this to work. I have been using this forum post https://forum.hackthebox.eu/discussion/3011/solved-exploit-completed-but-no-sessions-created. I still am having issues

    Without more information, it's difficult to do anything except guess an answer.

    Some things to consider.

    • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

    For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won't_ work. All you will ever get is Exploit completed, but no session was created.

    • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
    • When you run the exploit, does MSF say the target is vulnerable before it says it can't create the session? If not, that is the problem.
    • You've disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
    • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won't work. Most of the exploits on Lame seem to use MSF5.

    Thank you for your help. Can I chat with you safely? like, I don't know how to appropriately explain this. do you have discord or something? I feel like the issue that I would like fix would be the trying to uninstall Metasploit. This is making me sad and feel kinda dumb, but I will not give up. another question is when I am changing the payload and I try to run something like...payload/cmd/unix/reverse_zsh I get unknown command.

  • @ogoody3365 said:

    Thank you for your help. Can I chat with you safely?

    Yes - you can send me a direct message on this but I might not reply for 6-7 hours now.

    like, I don't know how to appropriately explain this. do you have discord or something? I feel like the issue that I would like fix would be the trying to uninstall Metasploit.

    Uninstalling metasploit is unlikely to fix this problem. Its almost certainly not the problem here.

    This is making me sad and feel kinda dumb, but I will not give up. another question is when I am changing the payload and I try to run something like...payload/cmd/unix/reverse_zsh I get unknown command.

    If you run random payloads, you will probably get random output.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @ogoody3365 said:

    Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn't working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says "Sense Auto is not understood, try true or false." I am trying to work with LAME, but legacy gives me the same issues. It doesn't matter the payload or the exploit I still get that error. It's making me sad guys. I really want this to work. I have been using this forum post https://forum.hackthebox.eu/discussion/3011/solved-exploit-completed-but-no-sessions-created. I still am having issues

    Without more information, it's difficult to do anything except guess an answer.

    Some things to consider.

    • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

    For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won't_ work. All you will ever get is Exploit completed, but no session was created.

    • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
    • When you run the exploit, does MSF say the target is vulnerable before it says it can't create the session? If not, that is the problem. It does not What does this mean?
    • You've disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
    • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won't work. Most of the exploits on Lame seem to use MSF5.

    So if I can't exploit the vulnerabilities for the lame box should I just move on? I keep getting this exploit completed message, but no shells. Would it hurt to downgrade msf? if so how do I do that?

  • @ogoody3365 said:

    So if I can't exploit the vulnerabilities for the lame box should I just move on?

    Well, you can but you don't have to. MSF is not the only way to exploit the box.

    At least one of the walk through for the box covers a non-MSF exploitation approach.

    https://medium.com/@nmappn/lame-hack-the-box-without-metasploit-1b3a138f9206 and https://wiki.jacobshodd.com/writeups/hack-the-box/lame

    They use a python script to exploit SMB. It probably uses python2 so you might still face challenges getting it working.

    Part of it depends on what you want to get out of exploiting Lame. There isn't a lot about this box which you can re-use elsewhere.

    I keep getting this exploit completed message, but no shells.

    Just to check then, you are trying: exploit/multi/samba/usermap_script?

    If so it might be that you need to go for either the python approach or a different box.

    Would it hurt to downgrade msf? if so how do I do that?

    I don't know and it would cause loads of issues on everything else. If you really need this to work, you might be better downloading an older Kali image and installing that. Or spin up a new VM with any distro and just install old MSF - then you can dispose of it when you are done.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I just wanna get a shell or be able to exploit anything. This is really making me sad. I just really need a win. I switched to scriptkiddie and all of the payloads that are available for TCP 5000 Werkzeug they all fail with this error. when I try bind shells it looks it says secret code not found. I just want this to work.

  • @ogoody3365 said:

    I just wanna get a shell or be able to exploit anything.

    Ok, but there are a lot of other retired boxes.

    With lame, you can still get a shell with the python exploit.

    This is really making me sad. I just really need a win. I switched to scriptkiddie and all of the payloads that are available for TCP 5000 Werkzeug they all fail with this error.

    So that's a live box until tomorrow which makes giving blatant advice challenging.

    However, the initial foothold is not an exploit on TCP5000.

    when I try bind shells it looks it says secret code not found. I just want this to work.

    Scriptkiddie's initial foothold requires a bit of googling to find, it is easy to do, it just isn't easy to know.

    I get that it is really frustrating for you right now, but a better plan might be to step away from trying to use MSF as an autopwn and find a different retired box. Work through the walkthrough and keep good notes. Then, after you've done a few, you will find it all a bit easier.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I had the same problem with metasploit in Legacy and Lame.
    It turns out I had to change my LHOST to tun0.
    To find out what is your IP address of tun0 type "ifconfig" and look at the address next to "inet" in the terminal.

  • edited July 2

    Changing it to tun0 IP and I'm able to get a reverse connection back !

Sign In to comment.